win.rhadamanthys

Rhadamanthys

Actor(s): Sandworm


According to PCrisk, Rhadamanthys is a stealer-type malware and, as its name implies, it is designed to extract data from infected machines.

At the time of writing, this malware was spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++ and others. Rhadamanthys was downloaded alongside the real program, which reduced immediate user suspicion. These sites were promoted through Google ads, which were displayed above the legitimate results on the Google search engine.
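As an added illustration of the distribution pattern described above (this is example code added here, not code from Malpedia or from any of the cited reports), the following Python script flags, in a constructed set of proxy log lines, downloads from domains that impersonate the vendors named above, and raises the severity when the same user fetched an installer shortly after a paid-search click-through. The vendor allowlist, brand tokens, ad-click markers, log format and log lines are all assumptions made for the example.

```python
"""Flag proxy-log downloads from domains impersonating legitimate software vendors.

Added example for this page; not Malpedia's code nor any cited report's.
Allowlist, brand tokens, ad-click markers, log format and log lines are all
constructed for illustration.
"""
import re
from datetime import datetime, timedelta

# Assumption: registered domains of the vendors the campaign impersonated.
LEGIT_DOMAINS = ("anydesk.com", "zoom.us", "notepad-plus-plus.org")
# Assumption: brand strings that should not appear on a non-vendor host.
BRAND_TOKENS = ("anydesk", "zoom", "notepad")
# Assumption: host/path fragments that indicate a paid-search ad click-through.
AD_CLICK_MARKERS = ("googleadservices.com", "/aclk")
INSTALLER_EXTS = (".exe", ".msi", ".zip")

# Constructed sample proxy log: "<timestamp> <user> <method> <url> <status>".
SAMPLE_LOG = """\
2023-01-03T10:01:11Z user1 GET https://www.google.com/search?q=notepad%2B%2B+download 200
2023-01-03T10:01:19Z user1 GET https://www.googleadservices.com/pagead/aclk?sa=L&ai=xyz 302
2023-01-03T10:01:20Z user1 GET https://notepad-plus-plus.example-download.top/download/npp.8.4.8.Installer.x64.exe 200
2023-01-03T10:05:02Z user2 GET https://notepad-plus-plus.org/downloads/v8.4.8/ 200
2023-01-03T10:07:40Z user3 GET https://anydesk-download.com/AnyDesk.exe 200
2023-01-03T10:08:01Z user4 GET https://anydesk.com/en/downloads/windows 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Last two labels of the host. Assumption: no multi-label public suffixes
    such as co.uk; a real deployment would consult the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def lookalike_reason(host: str):
    """Return why HOST resembles a vendor impersonation, or None if it is a
    vendor domain itself or shows no resemblance."""
    rd = registered_domain(host)
    if rd in LEGIT_DOMAINS:
        return None
    base = rd.split(".")[0]
    for legit in LEGIT_DOMAINS:
        lb = legit.split(".")[0]
        # Short brands get a tighter threshold: "zoom" is one edit from many words.
        limit = 1 if len(lb) < 6 else 2
        dist = levenshtein(base, lb)
        if dist <= limit:
            return f"edit distance {dist} from {legit}"
    flat = host.lower().replace("-", "")
    for token in BRAND_TOKENS:
        if token in flat:
            return f"brand token '{token}' on non-vendor domain {rd}"
    return None


def analyze(log_text: str, ad_window: timedelta = timedelta(seconds=60)):
    """Walk log lines in order and return findings. A lookalike host serving an
    installer within AD_WINDOW of the same user's ad click-through is rated high."""
    last_ad_click = {}  # user -> datetime of the most recent ad click-through
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        ts_s, user, _method, url, _status = m.groups()
        ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ")
        host, _, rest = url.split("://", 1)[1].partition("/")
        path = "/" + rest
        if any(mk in host or mk in path for mk in AD_CLICK_MARKERS):
            last_ad_click[user] = ts
            continue
        reason = lookalike_reason(host)
        if reason is None:
            continue
        installer = path.lower().split("?", 1)[0].endswith(INSTALLER_EXTS)
        recent_ad = user in last_ad_click and ts - last_ad_click[user] <= ad_window
        severity = "high" if installer and recent_ad else "medium"
        findings.append({"time": ts_s, "user": user, "host": host,
                         "path": path, "reason": reason, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["severity"].upper(), f["user"], f["host"], f["path"], "-", f["reason"])
```

The brand-token rule over-triggers on legitimate third-party mirrors and resellers, and the two-label `registered_domain` assumption breaks on country-code suffixes, so neither should feed a blocklist on its own. The stronger signal in the campaign described above is the sequence itself: search, ad click-through, first-seen domain, installer download, which is why the script correlates per user rather than judging hosts in isolation.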

References
2023-08-31 | Checkpoint | hasherezade
@online{hasherezade:20230831:from:dbe4160, author = {hasherezade}, title = {{From Hidden Bee to Rhadamanthys - The Evolution of Custom Executable Formats}}, date = {2023-08-31}, organization = {Checkpoint}, url = {https://research.checkpoint.com/2023/from-hidden-bee-to-rhadamanthys-the-evolution-of-custom-executable-formats/}, language = {English}, urldate = {2023-09-01} }
Families: Hidden Bee, Rhadamanthys
2023-07-11 | Spamhaus | Spamhaus Malware Labs
@techreport{labs:20230711:spamhaus:4e2885e, author = {Spamhaus Malware Labs}, title = {{Spamhaus Botnet Threat Update Q2 2023}}, date = {2023-07-11}, institution = {Spamhaus}, url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q2%20Botnet%20Threat%20Update.pdf}, language = {English}, urldate = {2023-07-22} }
Families: Hydra, AsyncRAT, Aurora Stealer, Ave Maria, BumbleBee, Cobalt Strike, DCRat, Havoc, IcedID, ISFB, NjRAT, QakBot, Quasar RAT, RecordBreaker, RedLine Stealer, Remcos, Rhadamanthys, Sliver, Tofsee
2023-06-15 | eSentire | RussianPanda
@online{russianpanda:20230615:esentire:7cd1ea3, author = {RussianPanda}, title = {{eSentire Threat Intelligence Malware Analysis: Resident Campaign}}, date = {2023-06-15}, organization = {eSentire}, url = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-resident-campaign}, language = {English}, urldate = {2023-07-11} }
Families: Cobalt Strike, Rhadamanthys
2023-05-16 | Secureworks | Counter Threat Unit Research Team
@online{researchteam:20230516:growing:c703021, author = {Counter Threat Unit Research Team}, title = {{The Growing Threat from Infostealers}}, date = {2023-05-16}, organization = {Secureworks}, url = {https://www.secureworks.com/research/the-growing-threat-from-infostealers}, language = {English}, urldate = {2023-07-31} }
Families: Graphiron, GraphSteel, Raccoon, RedLine Stealer, Rhadamanthys, Taurus Stealer, Vidar
2023-04-19 | Google | Billy Leonard, Google Threat Analysis Group
@online{leonard:20230419:ukraine:6c3440b, author = {Billy Leonard and Google Threat Analysis Group}, title = {{Ukraine remains Russia’s biggest cyber focus in 2023}}, date = {2023-04-19}, organization = {Google}, url = {https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023}, language = {English}, urldate = {2023-04-22} }
Families: Rhadamanthys
2023-04-12 | Spamhaus | Spamhaus Malware Labs
@techreport{labs:20230412:spamhaus:aa309d1, author = {Spamhaus Malware Labs}, title = {{Spamhaus Botnet Threat Update Q1 2023}}, date = {2023-04-12}, institution = {Spamhaus}, url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q1%20Botnet%20Threat%20Update.pdf}, language = {English}, urldate = {2023-04-18} }
Families: FluBot, Amadey, AsyncRAT, Aurora, Ave Maria, BumbleBee, Cobalt Strike, DCRat, Emotet, IcedID, ISFB, NjRAT, QakBot, RecordBreaker, RedLine Stealer, Remcos, Rhadamanthys, Sliver, Tofsee, Vidar
2023-03-27 | Check Point Research | Checkpoint Research
@online{research:20230327:rhadamanthys:813d37c, author = {Checkpoint Research}, title = {{Rhadamanthys: The “Everything Bagel” Infostealer}}, date = {2023-03-27}, organization = {Check Point Research}, url = {https://research.checkpoint.com/2023/rhadamanthys-the-everything-bagel-infostealer/}, language = {English}, urldate = {2023-04-22} }
Families: Rhadamanthys
2023-02-21 | Zscaler | Nikolaos Pantazopoulos, Sarthak Misraa
@online{pantazopoulos:20230221:technical:f0dc423, author = {Nikolaos Pantazopoulos and Sarthak Misraa}, title = {{Technical Analysis of Rhadamanthys Obfuscation Techniques}}, date = {2023-02-21}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/technical-analysis-rhadamanthys-obfuscation-techniques}, language = {English}, urldate = {2023-08-16} }
Families: Rhadamanthys
2023-01-16 | Medium elis531989 | Eli Salem
@online{salem:20230116:dancing:3a33ea6, author = {Eli Salem}, title = {{Dancing With Shellcodes: Analyzing Rhadamanthys Stealer}}, date = {2023-01-16}, organization = {Medium elis531989}, url = {https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88}, language = {English}, urldate = {2023-01-16} }
Families: Rhadamanthys
2023-01-12 | Cybleinc | Cyble
@online{cyble:20230112:rhadamanthys:c1e900e, author = {Cyble}, title = {{Rhadamanthys: New Stealer Spreading Through Google Ads}}, date = {2023-01-12}, organization = {Cybleinc}, url = {https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/}, language = {English}, urldate = {2023-01-16} }
Families: Rhadamanthys
2023-01-03 | Malware Traffic Analysis | Brad Duncan
@online{duncan:20230103:20230103:d0e003c, author = {Brad Duncan}, title = {{2023-01-03 (TUESDAY) - GOOGLE AD --> FAKE NOTPAD++ PAGE --> RHADAMANTHYS STEALER}}, date = {2023-01-03}, organization = {Malware Traffic Analysis}, url = {https://www.malware-traffic-analysis.net/2023/01/03/index.html}, language = {English}, urldate = {2023-02-06} }
Families: Rhadamanthys
2022-12-05 | Accenture | Paul Mansfield, Thomas Willkan
@online{mansfield:20221205:popularity:9c1ed9c, author = {Paul Mansfield and Thomas Willkan}, title = {{Popularity spikes for information stealer malware on the dark web}}, date = {2022-12-05}, organization = {Accenture}, url = {https://www.accenture.com/us-en/blogs/security/information-stealer-malware-on-dark-web}, language = {English}, urldate = {2023-04-28} }
Families: MetaStealer, Rhadamanthys
2022-10-06 | ThreatMon | ThreatMon Malware Research Team
@online{team:20221006:rhadamanthys:0a6ef93, author = {ThreatMon Malware Research Team}, title = {{Rhadamanthys Stealer Analysis}}, date = {2022-10-06}, organization = {ThreatMon}, url = {https://threatmon.io/rhadamanthys-stealer-analysis-threatmon/}, language = {English}, urldate = {2023-02-17} }
Families: Rhadamanthys

There is no YARA signature yet.